+1-888-365-2779
Try Now
More in this section

Forums / Set-up & Installation / Permissions issue (which folders need which permissions for Sitefinity sites?)

Permissions issue (which folders need which permissions for Sitefinity sites?)

5 posts, 0 answered
  1. Marko
    Marko avatar
    148 posts
    Registered:
    30 Jul 2008
    12 Feb 2010
    Link to this post
    Hi.

    I'm having some trouble [re]configuring permissions for my Sitefinity site development/testing environment.  First, I am using .NET impersonation to run my site.  In my web.config I have:

    <identity impersonate="true" password="xxxx" userName="domain\SF-service" />

    My SQL database is on another machine, and it's configured properly to allow the domain\SF-service account.  Let's assume the problem is not on the SQL Server end.

    Now, because I'm using .NET impersonation, I simply set my App Pool account in IIS to be just NETWORK SERVICE, because my site will use the impersonated domain\SF-service account.

    So, my question is, what local permissions do I need to give to the domain\SF-service account?

    I went to the following locations and and gave domain\SF-service account as much as FULL rights, without any luck:
         C:\Users\myUserName\AppData\Local\Temp\Temporary ASP.NET Files
         C:\....\myDevSiteFolder

    These are not enough, because I get some weird errors when I try to run the site.  I get either:
    Could not load file or assembly 'AjaxControlToolkit' or one of its dependencies. Access is denied.
    or
    Could not load file or assembly 'Telerik.Framework, Version=3.7.2057.2, Culture=neutral, PublicKeyToken=dfeaee0e3978ac79' or one of its dependencies. Access is denied.

    Now, if I add domain\SF-service to my local ADMINISTRATORS group, everything runs fine.  But I would prefer not to put it in the Administrators group, and rather give it just enough access so that it can run my Sitefinity dev site.  So obviously, I'm missing some permissiond on some folder(s) for the domain\SF-service account.  What am I missing?
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    13 Feb 2010
    Link to this post
    Hi Marko,

    You could try to make the assembly copy local or put the assembly in the GAC. Try giving read and execution permissions to the bin/AjaxControlToolkit.dll file for everyone

    Take a look at these articles


    Regards,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  3. Marko
    Marko avatar
    148 posts
    Registered:
    30 Jul 2008
    15 Feb 2010
    Link to this post
    I figured it out... I was setting permissions on the wrong "Temporary ASP.NET Files" folder.  There is one in C:\Users\myUserName\AppData\Local\Temp\Temporary ASP.NET Files, but the one I really needed to give permissions to is in C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files.

    The one under C:\Users...  is probably only used by Visual Studio, when running its internal dev server.

    Sorry, and thanks for the response, Ivan.  Hopefully someone else will find this useful in the future, if they make the same mistake as I did. :-)
  4. Da NuGai
    Da NuGai avatar
    1 posts
    Registered:
    30 Mar 2010
    30 Mar 2010
    Link to this post
    Instead of giving it full permission to Temp Asp.Net Folder, what if you add domain\SF-service to IIS_WPG group?
  5. Marko
    Marko avatar
    148 posts
    Registered:
    30 Jul 2008
    30 Mar 2010
    Link to this post
    Didn't try that, but I have created a local group called Dev Service Accounts, or something like that, and gave it appropriate permissions on the ASP.NET folder.

    However, I have also decided to change my approach when developing stuff on my machine (which is where I was running into this problem).  I just comment out the <impersonate... /> line, and basically let it run under the system account.  Works better for development and testing because I don't have to worry about the permissions.  Then for production, I'd uncomment the line, and everybody's happy. :-)
Register for webinar
5 posts, 0 answered